Risk profiling, a visual discussion

stick_figures_reporting_to_manager_400_clr_9595Risk profiling needs to move to a visual discussion.

Risk profiling practices of today are generally text based and focused on developing risks around words and sentences to represent the risk, controls and actions.  Yet research by 3M, highlighted in this blog post,  “concluded that we process visuals 60,000 times faster than text. Further studies find that the human brain deciphers image elements simultaneously, while language is decoded in a linear, sequential manner taking more time to process.”

So why is it we persist with representing risks to people in a non-visual manner.  In particular, why do we revert to non-visual methods in the process of performing the risk assessments and then in the initial representation of risks?  Of course, most people will report on components of risk profiling using charts and visual tools, but the process itself of performing the risk assessment will generally be “words” focused.

Of course a visual approach has risks.  How can a visual truly represent a risk?  People may interpret visuals very differently, how do we know everyone is thinking the same thing?  But I challenge you that even with text, this risks exist.

Here is a little visual exercise for you.  Try and guess what risks these visuals represent.

thief_stealing_credit_card_400_clr_7276

creating_a_better_process_400_clr_7366

radiation_expert_paranoid_400_clr_8948

walking_debt_chain_ball_400_clr_10149

How did you do?  Print this page and show 3 colleagues and see what they guess these risks to be.

There will be differences, for instance the first one could be credit card fraud, fraud, theft, or even breach of privacy.  Interestingly these are all essentially similar risk themes, therefore even though there are variances, the variances do not cause the risk assessment process to degrade. For the process orientated reader, the other 3 pictures are process failures or problems, environmental hazards, and financial risk.

Once you have completed the “survey” of your colleagues with the visual risks.  Provide them written risk statements and ask them to explain the risk to you.  What differences do you see in the responses?

Now ask them to rate which they prefer in regards to documenting risks.

The Power of Visual Communication highlights that, “How many times have you heard, “I didn’t believe it until I saw it.” Studies show that the old saying “seeing is believing” is mostly true. Of course, we know that what we see can be manipulated but the point is that visuals are persuasive. The Stanford Persuasive Technology Lab asked 2,440 participants how they evaluated the credibility of Web sites they were shown. Almost half (46.1%) said that the Web site’s design look was the number one criterion for discerning the credibility of the presented material.”

We suspect, that based on your research you may find that a large number of people would prefer the visual cues for discussing risks.  Of course, from a regulatory perspective, visuals are not going to be enough to provide clarity of risk and are also very difficult to populate into existing risk management tools.  Therefore, a balance between the two is required.

The intent of this posting is not to say all risk assessments should use pictures, but rather that thinking differently about risk profiling will provide valuable results to your business and your risk management process.  In particular, ensuring that risk profiling resonates with as many people as possible, through both visual and written means, will provide better business outcomes and a more engaging discussion.

Risk profiling needs to be a visual discussion because people want to be engaged using all mediums possible.  Regardless of their generation.

More from the Reading Room

The Qantas privacy finding: a positive lesson in third-party oversight

A serious data breach does not automatically mean governance failed. The more important question is whether an organisation can demonstrate that it understood the risks,...

APRA’s CPS 230 Tweaks: Small Amendment, Big Governance Signal

APRA has released final targeted amendments to CPS 230 Operational Risk Management. The item is current and sits within APRA’s prudential framework, so boards and risk teams should treat it as a live governance and…

“Cheap and Out of Date”, a Board-Level Resilience Question

A practical risk maturity article using a current event to test ownership, evidence, controls, challenge and decision quality.

Everyone Passed. That’s Not the Point.

APRA's inaugural System Risk Stress Test found four major banks and six super funds individually resilient, but exposed concentration risk and a super-fund liquidity mechanism that could amplify a system-wide shock.